REMARKS 

No claims are amended. Claims 1-8, 15-16, and 24-32 stand withdrawn. 
Claims 1-32 are pending and are listed below. In view of the foregoing 
amendments and the following remarks, Applicant respectfully requests that this 
application be allowed and forwarded on to issuance. 

Response to Restriction Requirement 

In the current Action, the Office restricts Applicant's claims to the following 
five groups: 

I. Claims 1-8 and 15-16 

II. Claims 9-14 and 17-23 
IE. Claims 24-27 

IV. Claims 28-29 

V. Claims 30-32 

Applicant has already orally elected Group II, with traverse. In the Action, the 
Office states that Group I is drawn to "generating a database or data structure", while 
Group II is drawn to "privileged access". {Office Action of 06/14/06, p. 2). 
Applicant respectfully submits, however, that Groups I and II can both be said to 
relate to privileged access. Applicant thus respectfully requests the Office to 
reconsider the grouping of the restriction requirement. Applicant also suggests an 
alternative grouping of the claims: 

Group A: Claims 1-24, all including a credential provider module 

Group B: Claims 25-32, all including a pre-logon access provider 
(PLAP) module 
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Applicant submits that the suggested grouping more appropriately groups 
the claims, with one group relating to credential provider modules and the other 
relating to PLAPs. Applicant also submits that examining the respective claims in 
proposed Groups A and B does not seriously burden the Office. 

Applicant thanks the Office in advance for its reconsideration. 

Claim Objections 

Claims 9-14 and 17-23 stand objected to because of informalities. 
Specifically, the Office states that it is unclear as to what an OS, LSA, SAM, AD or 
KDC. 

Applicant respectfully submits that the claims are clear in their original form. 
Applicant reminds the office that a patentee is free to be his or her own 
lexicographer. Here, Applicant has clearly defined all of the above-listed terms in 
the specification. Applicant respectfully directs the Office to paragraphs 9, 39, and 
40 of the specification as filed. 

Applicant thus respectfully requests the Office to withdraw its rejection, and 
thanks the Office in advance for its reconsideration. 

§112 Rejections 

Claims 11 and 19 stand rejected under 35 U.S.C. §112 as failing to comply 
with the written description requirement. The Office states that the claim element 
"the user is not logged on" does not have basis in the original disclosure, thus 
rendering the claims indefinite. Applicant respectfully traverses the rejection. 

Applicant instead submits that one of ordinary skill in the art at the time the 
invention was made would understand Applicant to have possession of the subject 
matter of claims 11 and 19 at the time of the application's filing. Paragraph [0035] 
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of Applicant's originally-filed specification is reproduced below for support 
(emphasis added): 

Figure 2a depicts a flowchart illustrating an exemplary process 200a 
for identifying and authenticating users to be logged on and thereby 
gain access to local and network resources via an operating system of a 
local machine. A plurality of credential provider modules 202 has been 
provided by various independent software vendors, any one of which 
can be used by the local machine to identify and authenticate the users. 
As such, the credential provider modules 202 are coexisting interfaces 
to the operating system through which a user can be logged on to the 
local machine through its operating system. 

Applicant respectfully submits that it is implicit in the above passage that a 
"user is not logged on to the local machine when the translated credentials are 
authenticated", as recited in claim 11. The above passage describes that the user is 
attempting to "log[] on and thereby gain access to local., .resources" with the use of 
the credential provider modules. Applicant respectfully submits that this implies 
that, before authentication process, the user did not have access to the local 
resources, and thus was "not logged on". 

Applicant thanks the Office in advance for its reconsideration and respectfully 
requests that the rejection be withdrawn. 



§102 Rejections 

Claims 9-11, 13-14, 17-19 and 22 stand rejected under 35 U.S.C. § 102(e) as 
being anticipated by U.S. Patent Pub. No. 2003/0177388 to Botz et al. (hereinafter, 
"Botz"). Applicant respectfully traverses the rejection. 

Claim 9 recites a method comprising (emphasis added): 

• receiving a credential from a user at an input device in 
communication with a local machine having an operating system 
(OS); 
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• translating the credential with one of different coexisting 
credential provider modules for translating respectively different 
types of credentials into a common credential protocol; 

• using a component of the OS to authenticate the translated 
credential having the common credential protocol against a 
credential database; and 

• logging the user on with the OS to access the local machine when 
the authentication is successful 

In making out a rejection of claim 9, the Office states that Botz discloses all 
of the elements of Applicant's claim, including "translating the credential with one 
of different coexisting credential provider modules for translating respectively 
different types of credentials into a common credential protocol". (Office Action 
of 06/14/06, p. 6). In claiming that Botz teaches the translating element, the Office 
cites to Page 1, Paragraph [0007] of the reference. This passage is reproduced 
below for the Office's convenience: 



SUMMARY OF THE INVENTION 

[0007] The shortcomings of the prior art are overcome and additional 
advantages are provided through the provision of an authenticated 
identity translation method which includes: establishing an authenticated 
user identity responsive to an identification and authentication event 
within a domain comprising an initial authentication unit and a 
subsequent authentication unit, the identification and authentication 
event occurring at the initial authentication unit, the initial 
authentication unit and the subsequent authentication unit employing 
disparate user registries with different user identities; generating a token 
representative of the identification and authentication event to be 
forwarded to the subsequent authentication unit; and translating the 
authenticated user identity of the initial authentication unit to a local 
user identity of the subsequent authentication unit, wherein the 
subsequent authentication unit initiates the translation employing the 
token. 

(Botz, paragraph [0007]). 
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In a footnote, the Office then states that "the authenticated user identity 
corresponds to the credential (being translated) claimed; [and] the initial 
authentication unit corresponds to one of different coexisting credential provider 
modules claimed'. {Office Action of 06/14/06, p. 6, n. 2) (emphasis added). 

Applicant respectfully submits that the Office fails to state a prima facie case 
of anticipation, as the Office has not shown how Botz teaches "different coexisting 
credential provider modules for translating respectively different types of 
credentials" as recited in Applicant's claim. Furthermore, Applicant submits that 
Botz cannot be shown to disclose or teach this element. 

First, Applicant respectfully submits that the Office's own characterization of 
the above-cited portion of Botz fails to show how Botz teaches "different coexisting 
credential provider modules", as recited in Applicant's claim, (emphasis added). As 
both the Botz passage and the Office state, paragraph [0007] only discusses a single 
authentication unit. Thus, even if the authentication unit were a credential provider 
module, which Applicant does not concede, the rejection would be improper as 
failing to show how Botz teaches "different coexisting credential provider modules". 
(emphasis added). 

For at least this reason, Applicant respectfully submits that this claim is 
allowable. 

Furthermore, Applicant also respectfully submits that Botz cannot be shown 
to teach this element. Instead, Botz aims to provide an "approach to authenticated 
identity translation within a multi-computing unit environment to. ..facilitate. . .inter- 
operation between systems employing disparate registry systems" {Botz, p. 1, 
paragraph [0006]). As an example of such disparate systems, Botz discusses 
different operating systems, each of which may maintain its own user registry that 
includes user ID's and passwords. Id. at [0004]. In an attempt to counter this 
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disparateness, Botz describes a system wherein a user need only authenticate at an 
initial authentication unit before the authenticated user identity is translated to 
conform to a subsequent authentication unit. Id. at [0007], If successful, the Botz 
system would therefore allow a user to only have to authenticate their identity 
once, rather than having to "sign in" each time she wanted to access another 
system with a different user registry. Botz makes no mention of any system that 
allows the user multiple ways to "sign on" to the system. 

This is to be contrasted with Applicant's claim, which recites "different 
coexisting credential provider modules", (emphasis added). For the Office's 
convenience, Applicant reproduces on the following page Applicant's Figure 2a, 
which is a non-limiting example of Applicant's disclosure. 
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As Figure 2a depicts, Applicant's disclosure may include "different 
coexisting credential provider modules", such as modules 103, 105, 107 and 208. 
Botz, meanwhile, has only been shown to at most include a single authentication 
unit. 

Botz thus does not relate to or evince a concern for "translating the credential 
with one of different coexisting credential provider modules for translating 
respectively different types of credentials into a common credential protocol", as 
recited in Applicant's claim, (emphasis added). 



24 



For at least this additional reason, Applicant respectfully submits that this 
claim is allowable. 

Claims 10-11 and 13-14 depend from claim 9 and are allowable as 
depending from an allowable base claim. These claims are also allowable for their 
own recited features which, in combination with those recited in claim 9, are 
neither disclosed nor suggested in the references of record, either singly or in 
combination with one another. 

Claim 17 recites a method comprising: 

• receiving a credential from a user at an input device in 
communication with a local machine having an operating system 
(OS); 

• translating the credential with a credential provider module that 
corresponds to the input device, wherein: 

o the credential provider module is one of a plurality of 
coexisting different said credential provider modules; and 

o each said credential provider module can perform a 
translation of a respectively different type of said 
credential received at a different said input device in 
communication with the local machine; and 

o each said translation of each said credential is in a 
common credential protocol; 

• communicating the translated credential having the common 
credential protocol through a credential provider interface to a 
logon UI routine of the OS; 

• passing the translated credential having the common credential 
protocol to a logon routine of the OS from the logon UI routine; 

• authenticating the translated credential against a credential 
database with the logon routine of the OS; and 

• logging the user on to access the local machine with the OS when 
the authentication is successful. 

In making out a rejection of this claim, the Office uses reasoning similar to 
that described above in regards to claim 9, and also cites additional portions of 
Botz. Applicant respectfully traverses the rejection and submits that Botz fails to 
disclose at least "wherein the credential provider module is one of a plurality of 
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coexisting different said credential provider modules", as recited in Applicant's 
claim. 

In claiming that Botz discloses this particular element, the Office cites to 
paragraph [0042] of Botz and specifically points out that the initial Authentication 
Server is a "particular server within a defined trust set of servers". (Office Action 
of 06/14/06, p. 8). 

Applicant respectfully submits that the Office fails to state a prima facie 
case of anticipation for failing to show "wherein the credential provider module is 
one of a plurality of coexisting different said credential provider modules". 

First, Applicant submits that the cited passage of Botz fails to even disclose 
whether or not the other servers within the "defined trust set of servers" are 
authentication servers. At most, Botz is silent on the matter. Thus, Applicant 
submits that even if the Botz Authentication Server discloses Applicant's 
credential provider module, which Applicant does not concede, the Botz passage 
cannot be shown to disclose a "plurality of coexisting different [] credential 
provider modules", as recited in Applicant's claim, (emphasis added). At most, 
the passage discusses a single Authentication Server which is one of many other 
servers, all of which have purposes unknown. 

Second, Applicant respectfully submits that the passage fails to show 
"wherein the credential provider module is one of a plurality of coexisting 
different said credential provider modules", (emphasis added). Again, assuming 
both that an Authentication Server is a credential provider module and that there 
are multiple authentication servers, neither of which Applicant concedes, 
Applicant submits that the passage would still fail to disclose that the modules are 
different. Applicant refers the Office to Applicant's Figure 2a, reproduced above, 
for non-limiting examples of "coexisting different [] credential provider modules". 
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(emphasis added). At the very most, Botz is once again silent on the matter. 
Applicant thus respectfully submits that the phrase "defined trust set of servers" 
fails to serve as a prima facie showing of anticipation for the phrase "plurality of 
coexisting different [] credential provider modules". 

Therefore, for at least these reasons and the reasons discussed above in 
regards to claim 9, this claim is allowable. 

Claims 18-19 and 21 depend from claim 17 and are allowable as 
depending from an allowable base claim. These claims are also allowable for their 
own recited features which, in combination with those recited in claim 17, are 
neither disclosed nor suggested in the references of record, either singly or in 
combination with one another. 

Claim 22 recites a computer-readable medium comprising a credential 
provider module including instructions that, when executed by a local machine 
having an operating system (OS), receive and translate a credential into a 
credential protocol so as to be compatible for authentication by an authentication 
component of the OS against a credential database for logging a user identified by 
the credential on with the OS to access the local machine when the authentication 
is successful, wherein (emphasis added): 

• the translated credential can be received via an interface to the 
authentication component of the OS; 

• the interface to the authentication component of the OS is 
compatible for receiving each of a plurality of said credentials 
from a corresponding plurality of different coexisting credential 
provider modules; and 

• each said different coexisting credential provider module can: 

o receive a respective different type of said credential from a 

respective input device; and 
o translate each said different type of said credential into the 

credential protocol so as to be compatible for 

authentication by the authentication component of the OS 

against the credential database. 
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In making out a rejection of this claim, the Office uses reasoning similar to 
the rejections of the above claims, and also cites additional portions of Botz. 
Applicant respectfully traverses the rejection and submits that Botz at least fails to 
disclose that an "interface to the authentication component of the OS is compatible 
for receiving each of a plurality of said credentials from a corresponding plurality 
of different coexisting credential provider modules", as recited in Applicant's 
claim. 

In claiming that Botz teaches this element, the Office cites paragraphs 
[0007] (discussed above) and [0050]. The Office then states that this element is 
disclosed in the latter paragraph's discussion of "multiple security user registries 
of multiple computer platforms, respectively". 

Applicant respectfully submits, however, that paragraph [0050] only 
discloses a set of computing services that make available information detailing a 
user's individual identity names in the different registries of the different computer 
platforms. Applicant refers the Office to the discussion above in regards to claim 
9, and specifically to Botz's intention of enabling a user to only have to 
authenticate their identity once, rather than requiring the user to "sign in" each 
time she wanted to access another system with a different user registry. Applicant 
also refers the Office to Applicant's Figure 2a, reproduced above, and the 
corresponding discussion. In sum, Paragraph [0050] only discloses registry lists 
and thus does not relate at all to "different coexisting credential provider 
modules". 

Therefore, for at least these reasons and the reasons discussed above in 
regards to claim 9, this claim is allowable. 
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§103 Rejections 

Claims 12, 20 and 23 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Botz in view of U.S. Patent Pub. No. 2004/0139355 to Axel et 
al. (hereinafter, "Axel"). Applicant also respectfully traverses these rejections. 

Claims 12, 20, and 23 depend from claims 9, 17, and 22, respectively. 
Applicant respectfully submits that Axel does not serve to cure the deficiencies in 
the rejections of these base claims. Thus, each of claims 12, 20 and 23 are 
allowable as depending from an allowable base claim. These claims are also 
allowable for their own recited features which, in combination with those recited 
in claims 9, 17, and 22 are neither disclosed nor suggested in the references of 
record, either singly or in combination with one another. 
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Conclusion 

All of the claims are in condition for allowance. Accordingly, Applicant 
requests a Notice of Allowability be issued forthwith. If the Office's next 
anticipated action is to be anything other than issuance of a Notice of Allowability, 
Applicant respectfully requests a telephone call for the purpose of scheduling an 
interview. 



Respectfully submitted, 




RobertG. Hariijafi 
Reg. No. 58,970 
(509) 324-9256 ext 265 
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